Security Bulletin: IBM WebSphere MQ Channelのデータ変換が拒否されてしまう (CVE-2016-3013)

Summary メッセージチャネルエージェントMCAがキューから大きなメッセージを取得してデータ変換をすると、バッファオーバーフローが起きてチャネルが異常終了する可能性があります。 最新の情報については下記の文書（英語）をご参照ください。 Security Bulletin: IBM WebSphere MQ Channel data conversion denial of service CVE-2016-3013 http://www.ibm.com/support/docview.wss?uid=swg21998661 Vulnerability Details CVEID:...

IBM Sametime Connect日志信息泄漏漏洞

Bugtraq ID:65937 CVE ID:CVE-2014-0890 IBM Sametime提供了一套整合的企业级即时通讯软件,能够更轻松地查找和联系同事、客户和业务合作伙伴,并展开协作,极大地提高员工实时沟通的能力。 如果用户设置日志标记至高级别，使用Audio/Video聊天时，应用会把用户密码以明文方式或编码的方式存储，允许攻击者利用漏洞获取敏感信息。 0 IBM Sametime Connect 8.5.1 IBM Sametime Connect 8.5.1.1 IBM Sametime Connect 8.5.1.2 IBM Sametime Connect 8.5....

IBM Lotus Notes Sametime User Enumeration

This module extracts usernames using the IBM Lotus Notes Sametime web interface using either a dictionary attack which is preferred, or a bruteforce attack trying all usernames of MAXDEPTH length or less. This module requires Metasploit: https://metasploit.com/download Current source:...

IBM Lotus QuickR qp2 ActiveX Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 HttpClients::IE,...

IBM Lotus Domino iCalendar MAILTO Buffer Overflow

This module exploits a vulnerability found in IBM Lotus Domino iCalendar. By sending a long string of data as the "ORGANIZER;mailto" header, process "nRouter.exe" crashes due to a Cstrcpy routine in nnotes.dll, which allows remote attackers to gain arbitrary code execution. Note: In order to...